Thread replies: 20
Thread images: 4
Thread images: 4
http://ablock-kill-proof-of-concept.epizy.com/
Hi! I made a proof of concept for an adblock killer that should successfully counter every known/publicly available adblocker on the net. You should not be able to block both the advertisement and view the other images and the content. Additionally, you should not be able to block the javascript from running and see the content. I'm interested in how you can break it!
Feel free to read the code. I don't actually know html/css/js/php, but it should be fairly clear and well commented.
I don't think you can easily break this specific simple test case with a naive script either, unless you go as far as calculating statistics on the images. I'm be interested in your solutions.
Keep in mind that I'm in not interested in either ads or adblockers, I simply had a fun idea that I wanted to test.
Let me know if it's really dumb and broken!
>>
It's countered very easily: alt + w
>>
>>60284928
that's assuming you don't want the content. judging by https://blockadblock.com/ (that is successfully countered by ublock), that's a tradeoff publishers are ok with.
>>
>let's make all the content images so now the user has to download 30MB of pngs before he can view the article
>>
>>60284864
fuck off
>>
>>60284969
that's not really the point. those are just placeholders, they could be buttons, social media links, backgrounds, whatever. sure, if you block every image on the page you bypass it.
>>60284987
y-you too
>>
>>60284864
>non-free jasvascript
>>>/trash/
>>
>>60284864
Looks like you're just adding some obfuscation with pseudo-crypto, but if I gave a shit that looks like it would be easy to bypass.
>>
File: VARW23M.jpg (32KB, 473x434px) Image search:
[Google]
32KB, 473x434px
>>60284864
Page worked for me on Pale Moon android + ublock origin
>>
>>60285161
Yeah, "crypto" is not the point (the xor key is fixed size, you could just xor the first n chars with the next n chars and get the key, without even needing to request the dynamic script). The point is just including the page activation and the ad delivery in the same script, and delivering the actual content with some weak obfuscation.
since you can put any function you want in the js file, and in general a script cannot figure out what another script is doing without interpreting it, you can banally change your obfuscation in 5 minutes while the adblockers have to reverse your minified/obfuscated js and push the update (and do this for every site that implements something like this independently). Sounds to me like the mouse wins.
>>
>>60285257
uh, interesting. did you see the two content images while not seeing the advertisement image? i have no idea how palemoon would do that.
>>
>>60284864
I'm on my phone, does it beat AAK?
>>
>>60285313
yup. AAK seems to do nothing at all to the page.
>>
Nice. No thumbnails can be built of these pages.
>>
>>60285405
nope, thumbnailss can and are built: http://searchengineland.com/tested-googlebot-crawls-javascript-heres-learned-220157
>>
>>60285259
>xor the first n bytes with next n bytes and get the key
no you get the XORed outcome of two n bytes. you need to run some statistical analysis to get the actual key.
Clever trick nonetheless. Is this why RMS preached us we should BTFO obfuscated js?
>>
>>60285462
I just finished waiting for the top two sites to populate a thumbnail of your URL.
Got nothing.
>>
File: Screenshot_20170508-174630.png (131KB, 1440x2560px) Image search:
[Google]
131KB, 1440x2560px
I have host file ad blocking.
>>
>>60284864
cancer
stop making the world a worse place
>>
>>60284864
my browser does not have Javascript. how will this affect me
Thread posts: 20
Thread images: 4
Thread images: 4